CVE-2017-20021
09.06.2022, 23:15
A vulnerability classified as critical was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It affects an unknown part of the File Upload component. The manipulation leads to privilege escalation. The attack can be initiated remotely. Upgrading to version 3.5.3-86 addresses this issue. It is recommended to upgrade the affected component.

Enginsight
Vendor | Product | Version |
---|---|---|
solar-log | solar-log_250_firmware | 2.8.4-56 |
solar-log | solar-log_250_firmware | 3.5.2-85 |
solar-log | solar-log_300_firmware | 2.8.4-56 |
solar-log | solar-log_300_firmware | 3.5.2-85 |
solar-log | solar-log_500_firmware | 2.8.4-56 |
solar-log | solar-log_500_firmware | 3.5.2-85 |
solar-log | solar-log_800e_firmware | 2.8.4-56 |
solar-log | solar-log_800e_firmware | 3.5.2-85 |
solar-log | solar-log_1000_firmware | 2.8.4-56 |
solar-log | solar-log_1000_firmware | 3.5.2-85 |
solar-log | solar-log_1000_pm\+_firmware | 2.8.4-56 |
solar-log | solar-log_1000_pm\+_firmware | 3.5.2-85 |
solar-log | solar-log_1200_firmware | 2.8.4-56 |
solar-log | solar-log_1200_firmware | 3.5.2-85 |
solar-log | solar-log_2000_firmware | 2.8.4-56 |
solar-log | solar-log_2000_firmware | 3.5.2-85 |
Common Weakness Enumeration
- CWE-269 - Improper Privilege Management: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
- CWE-434 - Unrestricted Upload of File with Dangerous Type: The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.